Review of NSA, Cyber Command leadership structure ends without official recommendation

Date: 2022-11-23T18:40:48+00:00

Location: therecord.media

The Biden administration’s evaluation of the leadership structure ruling U.S. Cyber Command and the National Security Agency finished late last month and did not make a formal recommendation about whether or not to end the long-standing arrangement, three sources familiar with the review told The Record.

The findings by the small study group — led by former Joint Chiefs of Staff Chairman Joseph F. Dunford Jr. — have been shared with Secretary of Defense Lloyd Austin and Director of National Intelligence Avril Haines, according to the sources, who spoke on the condition of anonymity. 

The Record first reported the existence of the review in September. 

One source said that while the four-member group didn’t stake out a position for or against splitting the so-called “dual-hat,” which has existed since Cyber Command was created in 2009 to help the then-nascent command’s development, its assessment makes clear that keeping the arrangement intact creates benefits for U.S. national security.

The outcome of the weeks-long study likely means that there will not be a new debate about whether to break up the posts of NSA director and Cyber Command chief any time soon. The relationship was almost severed near the end of the Obama administration and twice while Donald Trump was in the White House, the second being an 11th hour push by a small group of Pentagon political appointees.

Gen. Paul Nakasone, who has led Cyber Command and NSA since May 2018, has long advocated for the benefits of the dual-hat arrangement, especially the speed it allows him to make operational decisions in cyberspace.

Supporters of the joint role believe there is a natural partnership between the country’s top digital warfighting command and its largest intelligence agency — co-located at Fort Meade, Md. — and having one person oversee both makes the U.S. more effective in cyberspace. 

The symbiotic relationship was on display in the run up to Russia’s invasion of Ukraine. 

Cyber Command deployed a ten-person “hunt forward” team to the country last December. It eventually grew to 30 personnel, who remained in the country through the holidays and relayed information back to both organizations.

“Having 10 folks on the ground that are tied back to our command and our agency, that’s a power that I think is really helpful,”Nakasone said last month during an event at the Council on Foreign Relations in Washington. The command has since deployed teams to Lithuania and Croatia.

Still, opponents of the existing leadership structure argue the responsibilities of each role have become so great — with Cyber Command taking on new missions like election security and combating ransomware — that no single person can manage both organizations successfully.

The guidance that established the Dunford-led review, which was triggered by a congressional request, didn’t give the group a mandate to make a policy recommendation about the leadership scheme, according to a second source.

The first source said even though the group didn’t champion a particular point of view, the overall positive findings reflect a consensus reached among its four members that the benefits of the joint leadership role outweigh any drawbacks.

The assessment will most likely be shared with the White House National Security Council (NSC), on an informal basis, as well as Congress.

Dunford’s team spoke with staffers from the House and Senate Intelligence and Armed Services committees, including some senators, in the course of their work to gauge Capitol Hill’s opinion on how the leadership arrangement is working. 

Lawmakers on the Armed Services panels have arrayed themselves in favor of the dual-hat, while on the House Intelligence Committee there is bipartisan desire to split up the two — a preference that could be unaffected by the recent review.

In a statement, Rep. Jim Langevin (D-R.I.), the retiring chair of the House Armed Services Committee’s cyber subpanel, welcomed the final result.

“I continue to believe that the dual hat arrangement is in the national security interest of the United States,” he said. “After conducting a thorough study of this issue, I hope that the participants of this review will agree.”

Nakasone, one of Cyber Command’s original architects, said he met with Dunford’s team and “had an opportunity to share my views.”

“From my perspective as the person that holds those jobs today … I see the tremendous value in being able to operate at speed, being able to operate with agility, and being able to operate with unity of effort, with one person that’s leading both those agencies,” he said at the Council on Foreign Relations event.

“At the end of the day this will be a decision, obviously, that the policymakers will decide on.”

Gavin Wilde, who has served at the NSC and NSA, said he was “not very surprised at all” the review didn’t deliver a decision, given the Defense Department’s clout in interagency policy debates and that a retired general led the process.

“When you ask folks with military backgrounds, or generals specifically, to grade their own homework, there’s a long and rich history of, ‘Everything’s working fine and don’t change anything,’” according to Wilde, now a senior fellow at the Carnegie Endowment for International Peace.

“I wish someone, either in the administration or in the Pentagon, would just cop to we never intend to split the hat or perhaps we never intended to to begin with,” he added.

“I’m still hopeful there’s a no-holds barred assessment of where there are real drawbacks so we dispense with the whole idea that it’s working merely because of inertia or lack of bureaucratic courage,” Wilde told The Record. “I would want to know that.”

A spokesperson for the Office of the Director of National Intelligence declined to comment.

Martin is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.